"WebKit relies on branch instructions to enforce what untrusted JavaScript and WebAssembly code can do. Spectre means that an attacker can control branches, so branches alone are no longer adequate for enforcing security properties.

Meltdown means that userland code, such as JavaScript running in a web browser, can read kernel memory."